Risk

High

Date Discovered

June 12, 2012

Description

64-bit operating systems and virtualization software running on Intel CPU hardware are prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to escalate privileges and execute arbitrary code with kernel-level privileges or to do a guest-to-host virtual machine escape.
Note: This issue was previously titled 'Microsoft Windows User Mode Scheduler Local Privilege Escalation Vulnerability' but has been updated to better document the underlying issue.

Technologies Affected

Avaya Aura System Platform 1.0

Avaya Aura System Platform 6.0

Avaya Aura System Platform 6.0 SP2

Avaya Aura System Platform 6.0 SP3

Avaya Aura System Platform 6.0.1

Avaya Aura System Platform 6.0.2

Avaya Aura System Platform 6.2

Avaya CMS R16

Avaya CMS r15

Avaya Call Management System R 15

Avaya Call Management System R 16

Avaya Call Management System R16.1

Avaya Call Management System R16.2

Avaya Call Management System R16.3

Avaya IR 4.0

Bsdperimeter pfSense 2.0

Bsdperimeter pfSense 2.0.1

Debian Linux 6.0 amd64

Debian Linux 6.0 arm

Debian Linux 6.0 ia-32

Debian Linux 6.0 ia-64

Debian Linux 6.0 mips

Debian Linux 6.0 powerpc

Debian Linux 6.0 s/390

Debian Linux 6.0 sparc

Fedoraproject Fedora 15

Fedoraproject Fedora 16

Fedoraproject Fedora 17

FreeBSD FreeBSD 7.4

FreeBSD FreeBSD 8.1

FreeBSD FreeBSD 8.2

FreeBSD FreeBSD 8.3

FreeBSD FreeBSD 9.0

Gentoo Linux

Intel Hybrid Cloud Platform 2.5

Intel Hybrid Cloud Platform 3.0

Intel Hybrid Cloud Platform 3.1

Intel Hybrid Cloud Platform 3.1.1

Microsoft Windows 7 for x64-based Systems

Microsoft Windows 7 for x64-based Systems SP1

Microsoft Windows Server 2008 R2 for x64-based Systems

Microsoft Windows Server 2008 R2 for x64-based Systems SP1

NetBSD NetBSD 4.0

NetBSD NetBSD 4.1

NetBSD NetBSD 5.0

NetBSD NetBSD 5.1

Oracle Enterprise Linux 5

Redhat Enterprise Linux 5 Server

Redhat Enterprise Linux Desktop 5 Client

Redhat Enterprise Linux EUS 5.6.Z server

SuSE openSUSE 12.1

Sun Solaris 10

Sun Solaris 11

XenSource Xen 3.4

XenSource Xen 4.0

XenSource Xen 4.1.1

XenSource Xen 4.1.2

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.

To exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.

The vendor released an advisory and updates. Please see the references for details.

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.